Module spanner

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-gcp repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-google repo.

Resources

Others

Resources

Resource Database

class Database extends CustomResource

A Cloud Spanner Database which is hosted on a Spanner instance.

To get more information about Database, see:

Example Usage - Spanner Database Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const main = new gcp.spanner.Instance("main", {
    config: "regional-europe-west1",
    displayName: "main-instance",
});
const database = new gcp.spanner.Database("database", {
    ddls: [
        "CREATE TABLE t1 (t1 INT64 NOT NULL,) PRIMARY KEY(t1)",
        "CREATE TABLE t2 (t2 INT64 NOT NULL,) PRIMARY KEY(t2)",
    ],
    instance: main.name,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/spanner_database.html.markdown.

constructor

new Database(name: string, args: DatabaseArgs, opts?: pulumi.CustomResourceOptions)

Create a Database resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DatabaseState, opts?: pulumi.CustomResourceOptions): Database

Get an existing Database resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Database. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property ddls

public ddls: pulumi.Output<string[] | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

property name

public name: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property state

public state: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource DatabaseIAMBinding

class DatabaseIAMBinding extends CustomResource

Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:

  • gcp.spanner.DatabaseIAMPolicy: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.

Warning: It’s entirely possibly to lock yourself out of your database using gcp.spanner.DatabaseIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.DatabaseIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.
  • gcp.spanner.DatabaseIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.

Note: gcp.spanner.DatabaseIAMPolicy cannot be used in conjunction with gcp.spanner.DatabaseIAMBinding and gcp.spanner.DatabaseIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.DatabaseIAMBinding resources can be used in conjunction with gcp.spanner.DatabaseIAMMember resources only if they do not grant privilege to the same role.

google_spanner_database_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
});
const database = new gcp.spanner.DatabaseIAMPolicy("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    policyData: admin.policyData,
});

google_spanner_database_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const database = new gcp.spanner.DatabaseIAMBinding("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_spanner_database_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const database = new gcp.spanner.DatabaseIAMMember("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/spanner_database_iam_binding.html.markdown.

constructor

new DatabaseIAMBinding(name: string, args: DatabaseIAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a DatabaseIAMBinding resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DatabaseIAMBindingState, opts?: pulumi.CustomResourceOptions): DatabaseIAMBinding

Get an existing DatabaseIAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of DatabaseIAMBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property database

public database: pulumi.Output<string>;

The name of the Spanner database.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the database’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the Spanner instance the database belongs to.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource DatabaseIAMMember

class DatabaseIAMMember extends CustomResource

Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:

  • gcp.spanner.DatabaseIAMPolicy: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.

Warning: It’s entirely possibly to lock yourself out of your database using gcp.spanner.DatabaseIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.DatabaseIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.
  • gcp.spanner.DatabaseIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.

Note: gcp.spanner.DatabaseIAMPolicy cannot be used in conjunction with gcp.spanner.DatabaseIAMBinding and gcp.spanner.DatabaseIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.DatabaseIAMBinding resources can be used in conjunction with gcp.spanner.DatabaseIAMMember resources only if they do not grant privilege to the same role.

google_spanner_database_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
});
const database = new gcp.spanner.DatabaseIAMPolicy("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    policyData: admin.policyData,
});

google_spanner_database_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const database = new gcp.spanner.DatabaseIAMBinding("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_spanner_database_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const database = new gcp.spanner.DatabaseIAMMember("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/spanner_database_iam_member.html.markdown.

constructor

new DatabaseIAMMember(name: string, args: DatabaseIAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a DatabaseIAMMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DatabaseIAMMemberState, opts?: pulumi.CustomResourceOptions): DatabaseIAMMember

Get an existing DatabaseIAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of DatabaseIAMMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property database

public database: pulumi.Output<string>;

The name of the Spanner database.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the database’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the Spanner instance the database belongs to.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource DatabaseIAMPolicy

class DatabaseIAMPolicy extends CustomResource

Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:

  • gcp.spanner.DatabaseIAMPolicy: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.

Warning: It’s entirely possibly to lock yourself out of your database using gcp.spanner.DatabaseIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.DatabaseIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.
  • gcp.spanner.DatabaseIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.

Note: gcp.spanner.DatabaseIAMPolicy cannot be used in conjunction with gcp.spanner.DatabaseIAMBinding and gcp.spanner.DatabaseIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.DatabaseIAMBinding resources can be used in conjunction with gcp.spanner.DatabaseIAMMember resources only if they do not grant privilege to the same role.

google_spanner_database_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
});
const database = new gcp.spanner.DatabaseIAMPolicy("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    policyData: admin.policyData,
});

google_spanner_database_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const database = new gcp.spanner.DatabaseIAMBinding("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_spanner_database_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const database = new gcp.spanner.DatabaseIAMMember("database", {
    database: "your-database-name",
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/spanner_database_iam_policy.html.markdown.

constructor

new DatabaseIAMPolicy(name: string, args: DatabaseIAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a DatabaseIAMPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DatabaseIAMPolicyState, opts?: pulumi.CustomResourceOptions): DatabaseIAMPolicy

Get an existing DatabaseIAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of DatabaseIAMPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property database

public database: pulumi.Output<string>;

The name of the Spanner database.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the database’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the Spanner instance the database belongs to.

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Instance

class Instance extends CustomResource

An isolated set of Cloud Spanner resources on which databases can be hosted.

To get more information about Instance, see:

Example Usage - Spanner Instance Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const example = new gcp.spanner.Instance("example", {
    config: "regional-us-central1",
    displayName: "Test Spanner Instance",
    labels: {
        foo: "bar",
    },
    numNodes: 2,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/spanner_instance.html.markdown.

constructor

new Instance(name: string, args: InstanceArgs, opts?: pulumi.CustomResourceOptions)

Create a Instance resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceState, opts?: pulumi.CustomResourceOptions): Instance

Get an existing Instance resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Instance. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property config

public config: pulumi.Output<string>;

property displayName

public displayName: pulumi.Output<string>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property labels

public labels: pulumi.Output<{[key: string]: string} | undefined>;

property name

public name: pulumi.Output<string>;

property numNodes

public numNodes: pulumi.Output<number | undefined>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property state

public state: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource InstanceIAMBinding

class InstanceIAMBinding extends CustomResource

Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:

  • gcp.spanner.InstanceIAMPolicy: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.

Warning: It’s entirely possibly to lock yourself out of your instance using gcp.spanner.InstanceIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.InstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.
  • gcp.spanner.InstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.

Note: gcp.spanner.InstanceIAMPolicy cannot be used in conjunction with gcp.spanner.InstanceIAMBinding and gcp.spanner.InstanceIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.InstanceIAMBinding resources can be used in conjunction with gcp.spanner.InstanceIAMMember resources only if they do not grant privilege to the same role.

google_spanner_instance_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
});
const instance = new gcp.spanner.InstanceIAMPolicy("instance", {
    instance: "your-instance-name",
    policyData: admin.policyData,
});

google_spanner_instance_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.spanner.InstanceIAMBinding("instance", {
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_spanner_instance_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.spanner.InstanceIAMMember("instance", {
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/spanner_instance_iam_binding.html.markdown.

constructor

new InstanceIAMBinding(name: string, args: InstanceIAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a InstanceIAMBinding resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceIAMBindingState, opts?: pulumi.CustomResourceOptions): InstanceIAMBinding

Get an existing InstanceIAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of InstanceIAMBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the instance’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the instance.

property members

public members: pulumi.Output<string[]>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.spanner.InstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource InstanceIAMMember

class InstanceIAMMember extends CustomResource

Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:

  • gcp.spanner.InstanceIAMPolicy: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.

Warning: It’s entirely possibly to lock yourself out of your instance using gcp.spanner.InstanceIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.InstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.
  • gcp.spanner.InstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.

Note: gcp.spanner.InstanceIAMPolicy cannot be used in conjunction with gcp.spanner.InstanceIAMBinding and gcp.spanner.InstanceIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.InstanceIAMBinding resources can be used in conjunction with gcp.spanner.InstanceIAMMember resources only if they do not grant privilege to the same role.

google_spanner_instance_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
});
const instance = new gcp.spanner.InstanceIAMPolicy("instance", {
    instance: "your-instance-name",
    policyData: admin.policyData,
});

google_spanner_instance_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.spanner.InstanceIAMBinding("instance", {
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_spanner_instance_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.spanner.InstanceIAMMember("instance", {
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/spanner_instance_iam_member.html.markdown.

constructor

new InstanceIAMMember(name: string, args: InstanceIAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a InstanceIAMMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceIAMMemberState, opts?: pulumi.CustomResourceOptions): InstanceIAMMember

Get an existing InstanceIAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of InstanceIAMMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the instance’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the instance.

property member

public member: pulumi.Output<string>;

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one gcp.spanner.InstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource InstanceIAMPolicy

class InstanceIAMPolicy extends CustomResource

Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:

  • gcp.spanner.InstanceIAMPolicy: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.

Warning: It’s entirely possibly to lock yourself out of your instance using gcp.spanner.InstanceIAMPolicy. Any permissions granted by default will be removed unless you include them in your config.

  • gcp.spanner.InstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.
  • gcp.spanner.InstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.

Note: gcp.spanner.InstanceIAMPolicy cannot be used in conjunction with gcp.spanner.InstanceIAMBinding and gcp.spanner.InstanceIAMMember or they will fight over what your policy should be.

Note: gcp.spanner.InstanceIAMBinding resources can be used in conjunction with gcp.spanner.InstanceIAMMember resources only if they do not grant privilege to the same role.

google_spanner_instance_iam_policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const admin = gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["user:jane@example.com"],
        role: "roles/editor",
    }],
});
const instance = new gcp.spanner.InstanceIAMPolicy("instance", {
    instance: "your-instance-name",
    policyData: admin.policyData,
});

google_spanner_instance_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.spanner.InstanceIAMBinding("instance", {
    instance: "your-instance-name",
    members: ["user:jane@example.com"],
    role: "roles/compute.networkUser",
});

google_spanner_instance_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const instance = new gcp.spanner.InstanceIAMMember("instance", {
    instance: "your-instance-name",
    member: "user:jane@example.com",
    role: "roles/compute.networkUser",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/spanner_instance_iam_policy.html.markdown.

constructor

new InstanceIAMPolicy(name: string, args: InstanceIAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a InstanceIAMPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceIAMPolicyState, opts?: pulumi.CustomResourceOptions): InstanceIAMPolicy

Get an existing InstanceIAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of InstanceIAMPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the instance’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

The name of the instance.

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Others

interface DatabaseArgs

interface DatabaseArgs

The set of arguments for constructing a Database resource.

property ddls

ddls?: pulumi.Input<pulumi.Input<string>[]>;

property instance

instance: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

interface DatabaseIAMBindingArgs

interface DatabaseIAMBindingArgs

The set of arguments for constructing a DatabaseIAMBinding resource.

property database

database: pulumi.Input<string>;

The name of the Spanner database.

property instance

instance: pulumi.Input<string>;

The name of the Spanner instance the database belongs to.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface DatabaseIAMBindingState

interface DatabaseIAMBindingState

Input properties used for looking up and filtering DatabaseIAMBinding resources.

property database

database?: pulumi.Input<string>;

The name of the Spanner database.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the database’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the Spanner instance the database belongs to.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface DatabaseIAMMemberArgs

interface DatabaseIAMMemberArgs

The set of arguments for constructing a DatabaseIAMMember resource.

property database

database: pulumi.Input<string>;

The name of the Spanner database.

property instance

instance: pulumi.Input<string>;

The name of the Spanner instance the database belongs to.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface DatabaseIAMMemberState

interface DatabaseIAMMemberState

Input properties used for looking up and filtering DatabaseIAMMember resources.

property database

database?: pulumi.Input<string>;

The name of the Spanner database.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the database’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the Spanner instance the database belongs to.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.DatabaseIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface DatabaseIAMPolicyArgs

interface DatabaseIAMPolicyArgs

The set of arguments for constructing a DatabaseIAMPolicy resource.

property database

database: pulumi.Input<string>;

The name of the Spanner database.

property instance

instance: pulumi.Input<string>;

The name of the Spanner instance the database belongs to.

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

interface DatabaseIAMPolicyState

interface DatabaseIAMPolicyState

Input properties used for looking up and filtering DatabaseIAMPolicy resources.

property database

database?: pulumi.Input<string>;

The name of the Spanner database.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the database’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the Spanner instance the database belongs to.

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

interface DatabaseState

interface DatabaseState

Input properties used for looking up and filtering Database resources.

property ddls

ddls?: pulumi.Input<pulumi.Input<string>[]>;

property instance

instance?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property state

state?: pulumi.Input<string>;

interface InstanceArgs

interface InstanceArgs

The set of arguments for constructing a Instance resource.

property config

config: pulumi.Input<string>;

property displayName

displayName: pulumi.Input<string>;

property labels

labels?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

property name

name?: pulumi.Input<string>;

property numNodes

numNodes?: pulumi.Input<number>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

interface InstanceIAMBindingArgs

interface InstanceIAMBindingArgs

The set of arguments for constructing a InstanceIAMBinding resource.

property instance

instance: pulumi.Input<string>;

The name of the instance.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.InstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface InstanceIAMBindingState

interface InstanceIAMBindingState

Input properties used for looking up and filtering InstanceIAMBinding resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the instance’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the instance.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.InstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface InstanceIAMMemberArgs

interface InstanceIAMMemberArgs

The set of arguments for constructing a InstanceIAMMember resource.

property instance

instance: pulumi.Input<string>;

The name of the instance.

property member

member: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.InstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface InstanceIAMMemberState

interface InstanceIAMMemberState

Input properties used for looking up and filtering InstanceIAMMember resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the instance’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the instance.

property member

member?: pulumi.Input<string>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one gcp.spanner.InstanceIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface InstanceIAMPolicyArgs

interface InstanceIAMPolicyArgs

The set of arguments for constructing a InstanceIAMPolicy resource.

property instance

instance: pulumi.Input<string>;

The name of the instance.

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

interface InstanceIAMPolicyState

interface InstanceIAMPolicyState

Input properties used for looking up and filtering InstanceIAMPolicy resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the instance’s IAM policy.

property instance

instance?: pulumi.Input<string>;

The name of the instance.

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a gcp.organizations.getIAMPolicy data source.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

interface InstanceState

interface InstanceState

Input properties used for looking up and filtering Instance resources.

property config

config?: pulumi.Input<string>;

property displayName

displayName?: pulumi.Input<string>;

property labels

labels?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

property name

name?: pulumi.Input<string>;

property numNodes

numNodes?: pulumi.Input<number>;

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property state

state?: pulumi.Input<string>;